Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”

Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers.

From Kiev to the Seychelles via London — how we uncovered the identity of the popular “mSpy” spyware
This is a story of independent researchers following the tracks left by popular spyware developers and uncovering the multiple hidden faces this business has. We reveal every step that let us connect the semi-anonymous developers to a Kiev software company, a London venture fund with Palo Alto offices and also some carrot rockets.